Data under lock and key
23 February 2016 3723 Views
Each time I find something interesting in the data the National Association of Commercial Finance Brokers (NACFB) collects as a by-product of its day-to-day work, I have to consider the data protection angle.
For instance, I’d like to compare specific exam pass data with the overall member data, to see if any one type of broker is any more likely to take, pass or excel at a particular exam.
By comparing and contrasting data sets, you can learn something that couldn’t be learned from just the one.
The trouble is, I’m reluctant to have members shouting “Data Protection!” at me, so I have to check I’m doing things right.
It’s a position we are all liable to find ourselves in from time to time, though in some ways things aren’t quite as restricted as they sometimes seem.
There is a distinction to be made between “sensitive” and “non-sensitive” personal data, and the NACFB only deals – with a few exceptions – in “non-sensitive” data: the sort of thing you would expect any organisation to pick up on.
If we were collecting racial or ethnic origin of a data subject, his or her political opinions, religious beliefs, trade union membership, physical or mental health or condition, or criminal offences or record, this is all considered sensitive.
The NACFB doesn’t hold any of this, for example, although we do credit checks and county court judgments. We classify those as sensitive for our purposes.
What might be of interest to brokers is the way in which, since the FCA stepped in two years ago, there has been a redoubled effort to scrutinise the processes within your office.
So the regulator will want to see that you have in place adequate technical and organisational measures to safeguard personal data from destruction, loss, unauthorised access or disclosure, both accidental and “deliberate but incorrect”.
In other words, an office that possesses no personal data from anybody must still be able to show that, if it has intentions to process personal data in the future, it also has a procedure ready in place that covers how it will deal with that data. So must linked third parties such as web hosters.
To give a practical example, if a website collects e-mail addresses, this could constitute personal (non-sensitive) data. That means the data controller not only has to register with the Commissioner but also must ensure that there are security measures to protect against hacking.
Any time you have got two separate pieces of data that could be used in combination to identify an individual, you’ve got an issue to be handled sensibly.
While we are in Lieutenant Columbo mode, there is just one more thing: all Introducer Today readers can register for our seventh Commercial Finance Expo by visiting www.commercialfinanceexpo.co.uk.
We will be back at the Pavilion at Birmingham’s NEC this year, extending the space available to allow us more room for exhibitors and delegates.
There will be a full-size conference theatre and a marquee-style business lounge, plus a new feature allowing you to “Meet the Experts”. Doors open at 9.30am on 15 June.
Adam Tyler is chief executive officer of the National Association of Commercial Finance Brokers.